Week 43 In Review – 2014

Hack.lu 2014 Wrap-Up Day #1 – blog.rootshell.be
After attending BlackHat last week in Amsterdam, Xavier is now in Luxembourg until Friday to attend the 10th edition of Hack.lu. Here is Xavier’s wrap-up for the first day. As usual, the first day started with a first batch of workshops.

Hack.lu 2014 Wrap-Up Day #2 – blog.rootshell.be
Here is Xavier’s small wrap-up for the second day. There were again some Cisco forensics workshops on the schedule, which is why he was not able to attend all of that day’s talks.

Hack.lu 2014 Wrap-Up Day #3 – blog.rootshell.be
Here’s the daily quick wrap-up for the third day. Xavier attended more talks on that day (no workshops).

GrrCON 2014 Videos – irongeek.com
These are the videos of the presentations from GrrCON 2014. You can watch and download the videos from here.

Ruxcon Slides – ruxcon.org.au
These are the presentation slides of all speakers at Ruxcon 2014. You can download the slides from here.

CSAW CTF 2014 VM – isisblogs.poly.edu
CSAW CTF is a competition designed for undergraduate students who are trying to break into cyber security. A few weeks ago the CSAW CTF was run from NYU-Poly and over 2500 teams registered to play.

Reverse Engineering a Web Application – for fun, behavior & WAF Detection – blog.c22.cc
In this presentation Rodrigo “Sp0oKeR” Montoro (Sucuri Security) will share some of their research, results and how they have maintained a WAF (Web Application Firewall) using very low CPU processes and high detection rates. The presentation is based on WordPress / NGINX, but the concepts can be applied to any Web Application / CMS technologies.

Symantec Intelligence Report: September 2014 – symantec.com
Here is the September edition of the Symantec Intelligence report. There were 600 vulnerabilities disclosed in the month of September, the highest number so far in 2014 and second-highest in the last 12 months.

OWTF 1.0 “Lionheart” released! – blog.7-a.org
OWTF 1.0 “Lionheart” (beta) is the biggest release ever by Abraham Aranguren. It contains many cool projects implemented by many, so, in no particular order, here is a quick overview of the new major features!

FTDI Screws Up, Backs Down – hackaday.com
A few days ago Hackaday learned that chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked.

Vulnerabilities

PSA: don’t run ‘strings’ on untrusted files (CVE-2014-8485) – lcamtuf.blogspot.com
Many shell users, and certainly most of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable characters and dumps them to stdout – something that is very unlikely to put you at any risk.

R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities – community.rapid7.com
Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar. NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that allows firewall and routing rules to be manipulated to enable internal, assumed trusted users behind a NAT device to allow external users to access internal TCP and UDP services for things like Apple’s Back to My Mac and file/media sharing services.

POODLE Unleashed: Understanding the SSL 3.0 Vulnerability – community.rapid7.com
Three researchers from Google have published findings about a vulnerability in SSL 3.0, a cryptographic protocol designed to provide secure communication over the internet. Successful exploitation of this vulnerability can result in an attacker exposing data encrypted between an SSL 3.0 compatible client and an SSL 3.0 compatible server.

POODLE: Padding Oracle On Downgraded Legacy Encryption – labs.portcullis.co.uk
Last week, researchers from Google released details of a new attack that they have called the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, which has been assigned CVE-2014-3566. The summary is, essentially, that SSLv3 uses a MAC-then-encrypt construction, which doesn’t authenticate the padding, as the MAC is applied to the plaintext message before padding or encryption are applied.
